Skip to content

Add application level Python audit logging #53

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jamesbursa merged 4 commits into from
Jan 4, 2023
Merged

Add application level Python audit logging #53

jamesbursa merged 4 commits into from
Jan 4, 2023

Conversation

@jamesbursa
Copy link
Contributor

@jamesbursa jamesbursa commented Dec 22, 2022

Ticket

None

Changes

  • Add module api.logging.audit that implements Python audit logging.
  • Add module api.util.collections.dict with class LeastRecentlyUsedDict.

Context for reviewers

Python has an audit events feature. This code uses the feature to log audit events, which can be useful for security analysis.

The logs have a custom logging level AUDIT.

Testing

A selection of logs when the server starts, include file opens, socket operations, and subprocess start:

Screenshot_2022-12-22_14-42-54

zelgadis
zelgadis approved these changes Dec 23, 2022
View reviewed changes
Copy link
Contributor

@zelgadis zelgadis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Made a few suggestions / nits, but nothing blocking 👍

app/api/util/collections/dict.py
import collections


class LeastRecentlyUsedDict(collections.OrderedDict):
Copy link
Contributor

@zelgadis zelgadis Dec 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this file be named least_recently_used_dict.py?

Copy link
Contributor

@zelgadis zelgadis Dec 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And in app/api/util/collections/__init__.py we can do:

from .least_recently_used_dict import LeastRecentlyUsedDict

And to use it:

from api.util.collections import LeastRecentlyUsedDict

LeastRecentlyUsedDict(maxsize=4)

Which I think is a little cleaner than:

from api.util.collections.dict import dict_util

dict_util.LeastRecentlyUsedDict(maxsize=4)

Copy link
Contributor Author

@jamesbursa jamesbursa Jan 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Used the name dict as this could contain other dict related utilities in future. I added the import to __init__.py.

@jamesbursa jamesbursa merged commit 802127b into main Jan 4, 2023
@jamesbursa jamesbursa deleted the jamesbursa/add-audit-logging branch January 4, 2023 18:35
@lorenyu lorenyu mentioned this pull request Jan 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zelgadis zelgadis zelgadis approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jamesbursa @zelgadis